/**
 * 
 */
package com.thon.security;

import java.io.IOException;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter;

/**
 * @file AnyRolesAuthorizationFilter.java
 * @author manpiaoyi
 * @mail manpiaoyi@126.com
 * @data 2014-10-15
 * @description: TODO
 */
public class RestFilter extends HttpMethodPermissionFilter {
	@Override
	  public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException {
        String[] perms = (String[]) mappedValue;
        // append the http action to the end of the permissions and then back to super
        String action = getHttpMethodAction(request);
        String[] resolvedPerms = buildPermissions(perms, action);
       
        Subject subject = getSubject(request, response);       

        boolean isPermitted = true;
        if (resolvedPerms != null && resolvedPerms.length > 0) {
            if (resolvedPerms.length == 1) {
                if (!subject.isPermitted(resolvedPerms[0])) {
                    isPermitted = false;
                }
            } else {
                if (!subject.isPermittedAll(resolvedPerms)) {
                    isPermitted = false;
                }
            }
        }

        return isPermitted;
        
        
    }
	

}
